diff options
author | imp <imp@FreeBSD.org> | 1997-07-23 00:49:46 +0000 |
---|---|---|
committer | imp <imp@FreeBSD.org> | 1997-07-23 00:49:46 +0000 |
commit | f080009db57e6a7b246a2ab15d8a73e4563931b4 (patch) | |
tree | 3f6c130b47ee18671302ddcfcae8cef66be97455 /usr.sbin/lpr/common_source/common.c | |
parent | 5d2b7fa5ede6cefc6d4c6f7df3987bea7b9149b8 (diff) | |
download | FreeBSD-src-f080009db57e6a7b246a2ab15d8a73e4563931b4.zip FreeBSD-src-f080009db57e6a7b246a2ab15d8a73e4563931b4.tar.gz |
Use setuid/seteuid around dangerous operations. Also a few buffer
overflow patches that were "near" to where these operations are taking
place. The buffer overflows are from OpenBSD. The setuid/seteuid patches
are from NetBSD by way of OpenBSD (they changed them a little), at least from
my read of the tree.
This is the first of a series of OpenBSD lpr/et al merges. It (and them)
should be merged back into 2.2 and/or 2.1 (if requested) branches when they
have been shaken out in -current.
Obtained from: OpenBSD
Diffstat (limited to 'usr.sbin/lpr/common_source/common.c')
-rw-r--r-- | usr.sbin/lpr/common_source/common.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/usr.sbin/lpr/common_source/common.c b/usr.sbin/lpr/common_source/common.c index 9f1ee41..8c77774 100644 --- a/usr.sbin/lpr/common_source/common.c +++ b/usr.sbin/lpr/common_source/common.c @@ -109,6 +109,8 @@ char *from = host; /* client's machine name */ int remote; /* true if sending files to a remote host */ char *printcapdb[2] = { _PATH_PRINTCAP, 0 }; +extern uid_t uid, euid; + static int compar __P((const void *, const void *)); /* @@ -155,7 +157,9 @@ getport(rhost, rport) * Try connecting to the server. */ retry: + seteuid(euid); s = rresvport(&lport); + seteuid(uid); if (s < 0) return(-1); if (connect(s, (struct sockaddr *)&sin, sizeof(sin)) < 0) { @@ -222,14 +226,16 @@ getq(namelist) DIR *dirp; int arraysz; + seteuid(euid); if ((dirp = opendir(SD)) == NULL) return(-1); if (fstat(dirp->dd_fd, &stbuf) < 0) goto errdone; + seteuid(uid); /* * Estimate the array size by taking the size of the directory file - * and dividing it by a multiple of the minimum size entry. + * and dividing it by a multiple of the minimum size entry. */ arraysz = (stbuf.st_size / 24); queue = (struct queue **)malloc(arraysz * sizeof(struct queue *)); @@ -240,8 +246,10 @@ getq(namelist) while ((d = readdir(dirp)) != NULL) { if (d->d_name[0] != 'c' || d->d_name[1] != 'f') continue; /* daemon control files only */ + seteuid(euid); if (stat(d->d_name, &stbuf) < 0) continue; /* Doesn't exist */ + seteuid(uid); q = (struct queue *)malloc(sizeof(time_t)+strlen(d->d_name)+1); if (q == NULL) goto errdone; |